rails-acu 3.0.8 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 97969674a8952b965502e8ad3c1713f98044fa47
-  data.tar.gz: 648b3ce5a6494109de3928b4a044310d456200cd
+SHA256:
+  metadata.gz: 9f40e9fa79e4a513723d3c0a3a3474228a2ab23e1a4f5e94c6f166e91aa33297
+  data.tar.gz: be8ac9eb7ee156af85ffb4198784e65477e528e4959ebde574f56268256dd26c
 SHA512:
-  metadata.gz: 67e7ccfb035a71ce3eaf24d5978c52bfb3cf77a1ad80181bcf13e06e7424cd287c8db67bf949b549cd6be6abdb307fde9db061def498bed1fd82346dbe225275
-  data.tar.gz: fe86bd940b4bd688b62bd1f95c31aaf33a771a18a895ee42f92715ee08350de1816e72b7018e558ce252283b982288cfb0834977f582d05dfb431b34efa9a5b9
+  metadata.gz: 40bc82e82afb5281a9664457c938c5f99da62fdf93616b34077b9c9d2a81b80a1c3209c6084d4a7eab447bb6acdbe2393b65c53234b42cc68f0963e8d8132b18
+  data.tar.gz: 2f678f43962ec1ee11197a4ba9f2be880309f590f3859923853fe4b6ab3a1009d1e9263d1a86822168c3635af8682ef84b43d817d807bb60e004cc3b8e80f75c

data/.travis.yml

@@ -1,7 +1,7 @@
 language: ruby
 
 rvm:
-  - 2.4.1
+  - 2.6.3
 
 cache: bundler
 
@@ -14,8 +14,9 @@ matrix:
   fast_finish: true
 
 before_install:
-  - gem update --system 2.6.11
-  - gem install bundler -v 1.14.6
+  - gem update --system 3.0.3
+  - gem install bundler -v 2.0.2
+  - bundler install
 
 script:
   - export RAILS_ENV=test

data/Gemfile

@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 
-ruby '2.4.1'
+ruby '2.6.3'
 
 git_source(:github) do |repo_name|
   repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
@@ -26,7 +26,7 @@ gem 'sprockets', '~> 3.7.2'
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem 'byebug', platform: :mri
-  gem 'rspec-rails', '~> 3.5'
+  gem 'rspec-rails', github: 'rspec/rspec-rails', :tag => "v4.0.0.beta2"
   gem 'sqlite3'
   gem 'awesome_print', github: 'awesome-print/awesome_print'
   gem 'devise'

data/Gemfile.lock

@@ -4,79 +4,106 @@ GIT
   specs:
     awesome_print (1.8.0)
 
+GIT
+  remote: https://github.com/rspec/rspec-rails.git
+  revision: 0919d6e0133b89c19a1518e3d82e014fd39bc06f
+  tag: v4.0.0.beta2
+  specs:
+    rspec-rails (4.0.0.beta2)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (~> 3.8)
+      rspec-expectations (~> 3.8)
+      rspec-mocks (~> 3.8)
+      rspec-support (~> 3.8)
+
 PATH
   remote: .
   specs:
-    rails-acu (3.0.7)
-      rails (>= 5.0.0)
+    rails-acu (4.0.0)
+      rails (~> 6.0, >= 6.0.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.2)
-      actionpack (= 5.2.2)
+    actioncable (6.0.0)
+      actionpack (= 6.0.0)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.2)
-      actionpack (= 5.2.2)
-      actionview (= 5.2.2)
-      activejob (= 5.2.2)
+    actionmailbox (6.0.0)
+      actionpack (= 6.0.0)
+      activejob (= 6.0.0)
+      activerecord (= 6.0.0)
+      activestorage (= 6.0.0)
+      activesupport (= 6.0.0)
+      mail (>= 2.7.1)
+    actionmailer (6.0.0)
+      actionpack (= 6.0.0)
+      actionview (= 6.0.0)
+      activejob (= 6.0.0)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.2)
-      actionview (= 5.2.2)
-      activesupport (= 5.2.2)
+    actionpack (6.0.0)
+      actionview (= 6.0.0)
+      activesupport (= 6.0.0)
       rack (~> 2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.2)
-      activesupport (= 5.2.2)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (6.0.0)
+      actionpack (= 6.0.0)
+      activerecord (= 6.0.0)
+      activestorage (= 6.0.0)
+      activesupport (= 6.0.0)
+      nokogiri (>= 1.8.5)
+    actionview (6.0.0)
+      activesupport (= 6.0.0)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.2)
-      activesupport (= 5.2.2)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.0.0)
+      activesupport (= 6.0.0)
       globalid (>= 0.3.6)
-    activemodel (5.2.2)
-      activesupport (= 5.2.2)
-    activerecord (5.2.2)
-      activemodel (= 5.2.2)
-      activesupport (= 5.2.2)
-      arel (>= 9.0)
-    activestorage (5.2.2)
-      actionpack (= 5.2.2)
-      activerecord (= 5.2.2)
+    activemodel (6.0.0)
+      activesupport (= 6.0.0)
+    activerecord (6.0.0)
+      activemodel (= 6.0.0)
+      activesupport (= 6.0.0)
+    activestorage (6.0.0)
+      actionpack (= 6.0.0)
+      activejob (= 6.0.0)
+      activerecord (= 6.0.0)
       marcel (~> 0.3.1)
-    activesupport (5.2.2)
+    activesupport (6.0.0)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    arel (9.0.0)
-    bcrypt (3.1.12)
+      zeitwerk (~> 2.1, >= 2.1.8)
+    bcrypt (3.1.13)
     builder (3.2.3)
-    byebug (10.0.2)
-    concurrent-ruby (1.1.4)
+    byebug (11.0.1)
+    concurrent-ruby (1.1.5)
     crass (1.0.4)
-    devise (4.5.0)
+    devise (4.7.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 4.1.0, < 6.0)
+      railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
     diff-lcs (1.3)
-    erubi (1.8.0)
+    erubi (1.9.0)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    i18n (1.5.3)
+    i18n (1.6.0)
       concurrent-ruby (~> 1.0)
-    jquery-rails (4.3.3)
+    jquery-rails (4.3.5)
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
-    loofah (2.2.3)
+    loofah (2.3.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -85,28 +112,30 @@ GEM
       mimemagic (~> 0.3.2)
     method_source (0.9.2)
     mimemagic (0.3.3)
-    mini_mime (1.0.1)
+    mini_mime (1.0.2)
     mini_portile2 (2.4.0)
-    minitest (5.11.3)
-    nio4r (2.3.1)
-    nokogiri (1.10.1)
+    minitest (5.12.2)
+    nio4r (2.5.2)
+    nokogiri (1.10.4)
       mini_portile2 (~> 2.4.0)
     orm_adapter (0.5.0)
-    rack (2.0.6)
+    rack (2.0.7)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (5.2.2)
-      actioncable (= 5.2.2)
-      actionmailer (= 5.2.2)
-      actionpack (= 5.2.2)
-      actionview (= 5.2.2)
-      activejob (= 5.2.2)
-      activemodel (= 5.2.2)
-      activerecord (= 5.2.2)
-      activestorage (= 5.2.2)
-      activesupport (= 5.2.2)
+    rails (6.0.0)
+      actioncable (= 6.0.0)
+      actionmailbox (= 6.0.0)
+      actionmailer (= 6.0.0)
+      actionpack (= 6.0.0)
+      actiontext (= 6.0.0)
+      actionview (= 6.0.0)
+      activejob (= 6.0.0)
+      activemodel (= 6.0.0)
+      activerecord (= 6.0.0)
+      activestorage (= 6.0.0)
+      activesupport (= 6.0.0)
       bundler (>= 1.3.0)
-      railties (= 5.2.2)
+      railties (= 6.0.0)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.4)
       actionpack (>= 5.0.1.x)
@@ -115,35 +144,27 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.4)
+    rails-html-sanitizer (1.2.0)
       loofah (~> 2.2, >= 2.2.2)
-    railties (5.2.2)
-      actionpack (= 5.2.2)
-      activesupport (= 5.2.2)
+    railties (6.0.0)
+      actionpack (= 6.0.0)
+      activesupport (= 6.0.0)
       method_source
       rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
-    rake (12.3.2)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
-    rspec-core (3.8.0)
+      thor (>= 0.20.3, < 2.0)
+    rake (13.0.0)
+    responders (3.0.0)
+      actionpack (>= 5.0)
+      railties (>= 5.0)
+    rspec-core (3.8.2)
       rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
+    rspec-expectations (3.8.4)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
+    rspec-mocks (3.8.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.8.0)
-    rspec-rails (3.8.2)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
+    rspec-support (3.8.2)
     sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
@@ -151,16 +172,17 @@ GEM
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
-    sqlite3 (1.3.13)
+    sqlite3 (1.4.1)
     thor (0.20.3)
     thread_safe (0.3.6)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
     warden (1.2.8)
       rack (>= 2.0.6)
-    websocket-driver (0.7.0)
+    websocket-driver (0.7.1)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
+    websocket-extensions (0.1.4)
+    zeitwerk (2.1.10)
 
 PLATFORMS
   ruby
@@ -172,12 +194,12 @@ DEPENDENCIES
   jquery-rails
   rails-acu!
   rails-controller-testing
-  rspec-rails (~> 3.5)
+  rspec-rails!
   sprockets (~> 3.7.2)
   sqlite3
 
 RUBY VERSION
-   ruby 2.4.1p111
+   ruby 2.6.3p62
 
 BUNDLED WITH
-   1.16.2
+   2.0.2

data/README.md

@@ -1,4 +1,7 @@
-[![Build Status](https://travis-ci.org/noise2/rails-acu.svg?branch=master)](https://travis-ci.org/noise2/rails-acu)
+[![Build Status](https://travis-ci.org/alphamarket/rails-acu.svg?branch=master)](https://travis-ci.org/alphamarket/rails-acu)
+
+> ### Note:
+> This branch is maintained for **Rails v6.*** and **Ruby v2.6.*** for *Rails v5.** please use `rails-5` branch.
 
 # ACU
 ACU is the acronym for **A**ccess **C**ontrol **U**nit, and it's designed to give the 100% control over permissions on multiple levels of rails application's structure.
@@ -45,11 +48,11 @@ in this gem, resource means any of `namespace`, `controller` and `action`. here
 # config/initializers/acu_rules.rb
 Acu::Rules.define do
   # anyone makes a request could be count as everyone!
-  whois :everyone { true }
+  whois(:everyone) { true }
 
-  whois :admin, args: [:user] { |c| c and c.user_type == :ADMIN.to_s }
+  whois(:admin, args: [:user]) { |c| c and c.user_type == :ADMIN.to_s }
 
-  whois :client, args: [:user] { |c| c and c.user_type == :PUBLIC.to_s }
+  whois(:client, args: [:user]) { |c| c and c.user_type == :PUBLIC.to_s }
 
   # admin can access to everywhere
   allow :admin
@@ -82,7 +85,7 @@ Acu::Rules.define do
     end
 
     controller :contact do
-      action :support {
+      action(:support) {
         allow :client
       }
     end
@@ -130,12 +133,12 @@ Although you can define a binary allow/deny access rule in the `acu_rules.rb` fi
 For those situations you allow the entities to get access but limits their operations in the action/view/layout with the `acu_is?`, `acu_as` and `acu_except` helpers, here is some usage example of them:
 
 ```ruby
-# return true if the entity `:admin`'s block in `whois :admin` return true, otherwise false
+# return true if the entity `:admin`'s block in `whois(:admin)` return true, otherwise false
 acu_is? :admin
 # returns true if any of the given entity's block return true; if none of the was valid, returns false.
 acu_is? [:admin, :client]
 
-# executes the block if current user identified as an admin by `whois :admin`
+# executes the block if current user identified as an admin by `whois(:admin)`
 acu_as :admin do
   puts 'You are identified as an `admin`'
 end

data/lib/acu/monitor.rb

@@ -83,15 +83,20 @@ module Acu
               _entitled_entities << entity.to_s
               # current entity is granted to have the access?
               if is_allowed? action
+                # cache the permision for the entity
+                cache_access _info, _entitled_entities[-1], Rules.GRANT_SYMBOL
                 # grant the access if already not denied
                 _granted = 1 if _granted == -1
               else
+                # cache the permision for the entity
+                cache_access _info, _entitled_entities[-1], Rules.DENY_SYMBOL
                 # deny it, period!
                 _granted = 0
               end
             end
           end
         end
+        
         # if the access is granted? i.e if all the rules are satisfied with the request
         return if _granted == 1 and access_granted _info, _entitled_entities
         # if the access is denied? i.e at least one of rules are NOT satisfied with the request
@@ -103,13 +108,13 @@ module Acu
 
       def valid_for? entity
         # check for existance
-        raise Errors::MissingEntity.new("whois :#{entity}?") if not Rules.entities[entity]
+        raise Errors::MissingEntity.new("whois(:#{entity})?") if not Rules.entities[entity]
         # fetch the entity's identity
         e = Rules.entities[entity]
         # fetch the related args to the entity from the `kwargs`
         kwargs = @kwargs.reject { |x| !e[:args].include?(x) }
         # if fetched args and pre-defined arg didn't match?
-        raise Errors::MissingData.new("at least one of arguments for `whois :#{entity}` is not provided!") if kwargs.length != e[:args].length
+        raise Errors::MissingData.new("at least one of arguments for `whois(:#{entity})` is not provided!") if kwargs.length != e[:args].length
         # send varibles in order the have defined
         e[:callback].call(*e[:args].map { |i| kwargs[i] })
       end
@@ -124,26 +129,26 @@ module Acu
       def hit_cache _info
         # return [didn't hit] if not allowed to use cache
         return false if not Configs.get :use_cache
+        # fetched cached data for current info
+        cached_data = Rails.cache.read cache_name(_info), cache_options
+        # return not hit if no cached data found
+        return false if not cached_data
         # fetch the relative entities to this request
-        _entitled_entities = Rules.entities.select { |name, _| valid_for? name }
-        # fetch the cache-name
-        cname = cache_name _info, _entitled_entities
-        # return [didn't hit] if not found in cache
-        return false if not Rails.cache.exist? cname, cache_options
-        # check if the request is allowed in cache?
-        if is_allowed?(Rails.cache.read(cname, cache_options).to_s.to_sym)
-          # grant the access
-          access_granted _info, _entitled_entities.keys, from_cache: true
-        else
-          # deny the access
-          access_denied _info, _entitled_entities.keys, from_cache: true
-        end
-        # hit the cache
-        return true
+        _entitled_entities = Rules.entities.select { |name, _| valid_for? name }.keys.map(&:to_sym)
+        # check if any of entities is among the should-denied ones?
+        denied = cached_data[Rules.DENY_SYMBOL] & _entitled_entities
+        # check if any of entities is among the should-grant ones?
+        granted = cached_data[Rules.GRANT_SYMBOL] & _entitled_entities
+        # check if we have any resons to deny the access?
+        return true if not denied.empty? and access_denied _info, denied, from_cache: true
+        # o.w. grant the access if any explicit rule
+        return true if not granted.empty? and access_granted _info, granted, from_cache: true
+        # if not granted nor denied by cache, discard the cache data & proceed
+        return false
       end
 
-      def cache_name _info, entities
-        "%s-%s" %[_info.to_a.join('::'), (entities.kind_of?(Array) ? entities : entities.keys).join("-")]
+      def cache_name _info, entities = []
+        ("%s-%s" %[_info.to_a.join('::'), (entities.kind_of?(Array) ? entities : entities.keys).sort.join("-")]).gsub(/-+$/, "")
       end
 
       def is_allowed? action
@@ -172,20 +177,29 @@ module Acu
         Logger.new(Configs.get :audit_log_file).info(log) if file and not file.blank?
       end
 
+      def cache_access _info, entities, symbol
+        if not Rails.cache.exist?(cache_name(_info), cache_options)
+          Rails.cache.write(cache_name(_info), {
+            Rules.DENY_SYMBOL => [],
+            Rules.GRANT_SYMBOL => []
+          }, cache_options)
+        end
+        cache_data = Rails.cache.read cache_name(_info), cache_options
+        cache_data[symbol] += [entities].flatten.map(&:to_sym)
+        cache_data[symbol] = cache_data[symbol].flatten.uniq
+        Rails.cache.write cache_name(_info), cache_data, cache_options
+      end
+
       def access_granted _info, entities, by_default: false, from_cache: false
         # log the event
-        log_audit ("[-]" + (from_cache ? '[c]' : '') + " access GRANTED to `#{_info}` as `:#{entities.uniq.join(", :")}`" + (by_default ? " [autherized by :allow_by_default]" : ""))
-        # cache the event if not already from cache
-        Rails.cache.write(cache_name(_info, entities), Rules.GRANT_SYMBOL, cache_options) if not from_cache and Configs.get :use_cache
+        log_audit ("[-]" + (from_cache ? '[c]' : '') + " access GRANTED to `#{_info}` as `:#{entities.uniq.sort.join(", :")}`" + (by_default ? " [autherized by :allow_by_default]" : ""))
         # grant the access
         true
       end
 
       def access_denied _info, entities, by_default: false, from_cache: false
         # log the event
-        log_audit ("[x]" + (from_cache ? '[c]' : '') + " access DENIED to `#{_info}` as `:#{entities.uniq.join(", :")}`" + (by_default ? " [autherized by :allow_by_default]" : ""))
-        # cache the event if not already from cache
-        Rails.cache.write(cache_name(_info, entities), Rules.DENY_SYMBOL, cache_options) if not from_cache and Configs.get :use_cache
+        log_audit ("[x]" + (from_cache ? '[c]' : '') + " access DENIED to `#{_info}` as `:#{entities.uniq.sort.join(", :")}`" + (by_default ? " [autherized by :allow_by_default]" : ""))
         # deny the access
         raise Errors::AccessDenied.new("you don't have the enough access for process this request!")
       end